Certified Information Systems Auditor (CISA) — Question 1138

An IS auditor has been asked to review the integrity of data transfer between two business-critical systems that have not been tested since implementation. Which of the following would provide the MOST useful information to plan an audit?

Answer options

• A. Quality assurance (QA) testing
• B. System change logs
• C. IT testing policies and procedures
• D. Previous system interface testing records

Correct answer: D

Explanation

The correct answer is D, as previous system interface testing records will provide historical data on any issues or successful transfers, allowing for a better understanding of the current integrity. Options A, B, and C may provide context but do not focus specifically on the past performance of the data transfer itself.